I need to build a secure login with PHP (as secure as possible but no SSL).
Right now I have a php file I include that has several variables as constants for username, password and other settings.
My main problem is I've never built a login before, so I dont know what I should put in the session or cookie?
So far my ideas are putting the username, random number (token), IP address and user_agent in the session/cookie. But I dont think putting the username is a good idea, what should I have in the session/cookie?
I've looked at several tutorials online, searched the board and many are old, insecure or not good examples since they use a database.
Any ideas?😕
